Help Center/ ROMA Connect/ API Reference/ Service Integration APIs/ Signature Key Management/ Creating a Signature Key
Updated on 2025-03-26 GMT+08:00
Online Debugging
CLI Examples
View PDF
Share

Creating a Signature Key

Function

To ensure API security, tenants are advised to provide a protection mechanism for API access. That is, for APIs exposed by tenants, the request sources must be authenticated. Requests that do not meet the authentication requirements will be rejected. The signature key is one of the API security protection mechanisms. A tenant creates a signature key and binds it to an API. When requesting the API, APIC uses the bound signature key to encrypt the request parameters and generate a signature. When a tenant's backend service receives a request, it verifies the signature. If the signature verification fails, the request is not sent by APIC. In this case, the tenant can reject the request to ensure API security and prevent the API from being attacked by requests from unknown sources.

URI

POST /v2/{project_id}/apic/instances/{instance_id}/signs

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference.

instance_id

Yes

String

Instance ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

name

Yes

String

Signature key name. The value can contain only letters, digits, and underscores(_) and must start with a letter.

sign_type

No

String

Signature key type:

  • hmac

  • basic

  • public_key

  • aes

To use a Basic or AES signature key, ensure that your instance version supports it. If your instance does not support this type of signature key, contact technical support to upgrade your instance.

To use a public_key signature key, ensure that the public_key feature has been configured for your instance. For details, see "Appendix" > "Supported Features". If your instance does not support this feature, contact technical support to enable it.

sign_key

No

String

Signature key.

  • hmac signature key: The value contains 8 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • basic signature key: The value contains 4 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • public_key signature key: The value contains 8 to 512 characters, including letters, digits, underscores (_), hyphens (-), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.

  • aes signature key: The value supports letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). If the signature algorithm is aes-128-cfb, the value is 16 characters. If the signature algorithm is aes-256-cfb, the value is 32 characters. A key is automatically generated by the backend if no key is specified.

sign_secret

No

String

Signature secret.

  • hmac signature secret: The value contains 16 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • basic signature secret: The value contains 8 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • public_key signature secret: The value contains 15 to 2048 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.

  • Vector of the AES signature secret: The value contains up to 16 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.

sign_algorithm

No

String

Signature algorithm. The default value is empty. Only AES signature keys support the signature algorithm. Other signature keys do not support the signature algorithm.

Response Parameters

Status code: 201

Table 4 Response body parameters

Parameter

Type

Description

name

String

Signature key name. The value can contain only letters, digits, and underscores(_) and must start with a letter.

sign_type

String

Signature key type:

  • hmac

  • basic

  • public_key

  • aes

To use a Basic or AES signature key, ensure that your instance version supports it. If your instance does not support this type of signature key, contact technical support to upgrade your instance.

To use a public_key signature key, ensure that the public_key feature has been configured for your instance. For details, see "Appendix" > "Supported Features". If your instance does not support this feature, contact technical support to enable it.

sign_key

String

Signature key.

  • hmac signature key: The value contains 8 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • basic signature key: The value contains 4 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • public_key signature key: The value contains 8 to 512 characters, including letters, digits, underscores (_), hyphens (-), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.

  • aes signature key: The value supports letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). If the signature algorithm is aes-128-cfb, the value is 16 characters. If the signature algorithm is aes-256-cfb, the value is 32 characters. A key is automatically generated by the backend if no key is specified.

sign_secret

String

Signature secret.

  • hmac signature secret: The value contains 16 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • basic signature secret: The value contains 8 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • public_key signature secret: The value contains 15 to 2048 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.

  • Vector of the AES signature secret: The value contains up to 16 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.

sign_algorithm

String

Signature algorithm. The default value is empty. Only AES signature keys support the signature algorithm. Other signature keys do not support the signature algorithm.

update_time

String

Update time.

create_time

String

Creation time.

id

String

Signature key ID.

Status code: 400

Table 5 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 401

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 403

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 404

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 412

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 500

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Example Requests

Create a signature key of the default type.

{
  "name" : "signature_demo",
  "sign_key" : "signkeysignkey",
  "sign_secret" : "sig**********ret"
}

Example Responses

Status code: 201

Created

{
  "sign_secret" : "sig**********ret",
  "update_time" : "2020-08-03T03:39:38.119032888Z",
  "create_time" : "2020-08-03T03:39:38.119032659Z",
  "name" : "signature_demo",
  "id" : "0b0e8f456b8742218af75f945307173c",
  "sign_key" : "signkeysignkey",
  "sign_type" : "hmac"
}

Status code: 400

Bad Request

{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:name. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3030",
  "error_msg" : "The instance does not exist;id:f0fa1789-3b76-433b-a787-9892951c620ec"
}

Status code: 412

PreconditionFailed

{
  "error_code" : "APIG.3548",
  "error_msg" : "sign_type=public_key not supported by instance 6a29d4e9-69a0-412a-aabe-9898ec0903b0"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

Status Code

Description

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

PreconditionFailed

500

Internal Server Error

Error Codes

See Error Codes.

Parent topic: Signature Key Management